Offensive Security Engineer

Herndon, VA, United States

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Product Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

Offensive Security Engineer - Senior/Lead

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

About Our Team

Salesforce Offensive Security Team is seeking a Senior/Lead Security Engineer to help keep Salesforce secure for its customers. In this role, you will attack Salesforce's services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Salesforce alongside a team of highly skilled individuals sounds exciting to you!

An Offensive Security Engineer at Salesforce is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Security, as well as provide technical leadership and advice to teams and leaders throughout Salesforce. You will be in direct contact with teams in a variety of Clouds, giving you first hand knowledge about how Salesforce is built and how it operates at a deep, technical level. Additionally, you will demonstrate the knowledge you gain about Salesforce to find new ways to break services, processes, and technologies throughout the company!

Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be encouraged to have outstanding communication skills, ability-to-learn quickly, and being a multiplier.

Impact - Responsibilities

An Offensive Security Engineerwill be conducting high quality offensive security operations independently, or as part of a team. The role entails creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations and contributing to team tooling, innovation, and improvements. Offensive Security Leads collaborate with other teams within the organization, such as the incident response team, IT teams, and senior leadership, to ensure that security vulnerabilities are properly addressed and to influence, prioritize, and drive the resolution of discovered security findings.

This particular role will be focussed on AI/ML Offensive Security, so prior experience in this domain is a big plus.

Minimum Qualifications:

Bachelor's Degree or equivalent work experience required, preferred Master in engineering, computer science, or a related technical field

6+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines​

6+ years of work experience with dynamic and manual code auditing to identify security issue and interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)

Tried experience in a penetration testing or similar offensive security role

Experience with threat modeling, design review, or other threat analysis techniques

Effective communication and collaboration skills to work seamlessly with multi-functional teams

Prior work in AI/ML Security

Required Qualifications:

Shown understanding of:

Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services

Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)

Experience in developing security tooling and automation

Preferred Qualifications:

Experience in CTF competitions, CVE research, and/or Bug Bounty recognition

A passion for improving security, systems, and processes

OSCP or OSCE certification

*LI-Y

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records. For Colorado-based roles, the base salary hiring range for this position is $138,000 to $221,000. For Washington-based roles, the base salary hiring range for this position is $151,800 to $243,100. For California-based roles, the base salary hiring range for this position is $165,600 to $265,200. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.